Search CVE reports
1 – 6 of 6 results
CVE-2023-44272
Medium priority
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
1 affected package
webcit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
webcit | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27742
Medium priority
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in...
1 affected package
webcit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
webcit | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27741
Medium priority
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly...
1 affected package
webcit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
webcit | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27740
Medium priority
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
1 affected package
webcit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
webcit | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-27739
Medium priority
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple...
1 affected package
webcit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
webcit | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2009-0364
Medium priority
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.
1 affected package
webcit
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
webcit | — | — | — | — | — |